Digital watermarks as a gateway and control mechanism

ABSTRACT

An electronic e-mail system where messages contain information carried by digital watermarks. The digital watermarks are used to control the transmission and/or receipt of documents transmitted over the system. The invention can be used to prevent the accidental dissemination of information to unauthorized receivers. Furthermore, while no security system is fool-proof, the present invention helps guard against the intentional, but unauthorized, dissemination of confidential information to unauthorized receivers.

RELATED APPLICATION

Applicant claims priority of co-pending application 60/183,681 filed Feb. 19, 2000 entitled “Digital Watermarks as a Gateway and Control Mechanism”.

FIELD OF THE INVENTION

The present invention relates to Internet communication and more particularly to using digital watermarks as control elements in Internet communication.

BACKGROUND OF THE INVENTION

The Internet presents security challenges to corporations and others who have computers that store confidential information and that have connections to the Internet. Traditionally, documents containing confidential information are marked with a legend or other visual indicia with words such as “CONFIDENTIAL”, “PROPRIETARY”, etc. The presence of these marks alerts anyone handling such documents that they should only be transferred outside of the company under special precautions. It is relatively difficult and unusual for someone to manually send such a document to an unauthorized receiver inadvertently. However, the use of Internet communication changes the situation.

The Internet and electronic mail speed the communications process; however, the Internet and electronic mail also make it much easier to inadvertently or accidentally send a confidential document to an unauthorized receiver. A single accidental or inadvertent keystroke can have wide ranging unintended consequences. The Internet and other electronic communication systems make it easy to communicate; however, these systems and networks also make it easy to mistakenly or inadvertently send a document to the wrong party.

SUMMARY OF THE PRESENT INVENTION

The present invention utilizes digital watermarks to control the transmission and/or receipt of documents transmitted over computer networks such as the Internet. The invention can be used to prevent the accidental dissemination of information to unauthorized receivers. Furthermore, while no security system is fool-proof, the present invention helps guard against the intentional, but unauthorized, dissemination of confidential information to unauthorized receivers.

Most electronically transmitted messages contain text. However, electronic mail systems generally allow images (i.e. pictures) or sound bites to be embedded into and form part of a message. For example, a message can contain a “stamp” with the word “confidential” or a message can contain a sound clip with the word “confidential”. An image or sound clip that forms part of an electronic message can carry a digital watermark that can be detected and read by conventional watermark reading programs.

The “payload” or digital data in a digital watermark typically has a number of different fields. One or more of these fields can be dedicated to flags which indicate that the document or image containing the watermark is confidential or otherwise classified and that it should only be disseminated in a particular manner.

Typically, e-mail enters a transmission network by way of an e-mail server. Programs that can detect and read watermarks are well known and commercially available. With the present invention, the e-mail server passes each e-mail message through a watermark detection and reading program prior to sending the message out over a network. If the watermark program detects a watermark, it interrogates certain flag bits to determine how the message should be handled. For example, if the watermark reading program finds that a particular flag is set, it can take action such as alerting both the sender and a network administrator. If the watermark program finds no watermark or finds that a particular flag is not set, the message is sent over the network in a conventional manner. Alternately, the message can be sent only if a particular flag is set.

Thus, the present invention can serve as a control mechanism for controlling the dissemination and receipt of electronic messages.

Messages and documents also enter the Internet and other electronic networks from servers such as Web servers and FTP servers. In a similar fashion a watermark detection program can interrogate documents on servers such as Web and FTP servers and take action as described above.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a diagram with an image containing the word “Confidential”.

FIG. 2 is a diagram of the fields in a typical watermark.

FIG. 3 is a diagram of a typical e-mail system.

FIG. 4 is a more detailed diagram of the watermark reading and detection program shown in FIG. 3.

DESCRIPTION OF PREFERRED EMBODIMENTS

The embodiments of the invention described herein relate to systems for transmitting e-mail messages over the Internet. The first embodiment has the ability to prevent the accidental dissemination of confidential e-mail messages and documents to unauthorized users. That is, the first embodiment of the invention prevents the transmission of confidential e-mail or documents to anyone. An alternate embodiment merely prevents the transmission of confidential documents to “unauthorized” users. That is, if a message is sent to two recipients, one of whom is authorized and one of whom is not authorized, the documents are transmitted to the authorized user and not transmitted to the unauthorized user. It is very easy to add addressees to an e-mail message. Someone may address an e-mail message which contains confidential information to a large group of people without realizing that one of the addressees is not authorized to receive confidential information. The system of the present invention will prevent such an e-mail from being transmitted to the unauthorized person even though the sender included the address of that person in the list of addressees. Another alternative embodiment can take a variety of actions such as logging messages or sending them to an administrator in addition to preventing them from being disseminated.

A typical confidential document 10 is represented in FIG. 1. The document 10 can either be an e-mail message, or alternatively it may be a document that is attached to an e-mail message. The document 10 includes a confidentiality stamp 11 and lines of text. The confidentiality stamp 11 is an image that has the word “confidential” superimposed over a background that has a variety of lines. That is, the background in image 11 contains lines the width of which are varied to carry a watermark in accordance with the teachings of U.S. application Ser. No. 09/074,034, filed May 6, 1998, now U.S. Pat. No. 6,449,377, (which corresponds to PCT application PCT/US99/08252 (WO99/53428)), and US application Ser. No. 09/127,502, filed Jul. 31, 1998 now U.S. Pat. No. 6,345,104 (which corresponds to PCT application PCT/US99/14532 (WO00/07356)). The disclosures of the above referenced patent applications are hereby incorporated herein in their entireties by reference. Alternatively the background of image 11 may comprise a weave or tint pattern that carries a watermark. In still another alternative embodiment, instead of having an image 11 embedded in the message, the message may contain an audio clip with the word confidential. The audio clip would be watermarked using conventional audio watermarking techniques. However, in the first embodiment described herein, the image 11 has both a human readable word “Confidential” and a digital watermark that can be read by a watermark detection and reading program.

The data fields and flags in a typical watermark payload are shown in FIG. 2. It should be understood that the fields and flags shown are merely representative and they can take many alternative forms. The first embodiment of the invention utilizes one of the flag fields to indicate that a particular document is confidential. The other fields can be used in a conventional manner. Alternate embodiments can use a number of flags to indicate actions that should be taken with a particular message.

FIG. 3 shows a typical e-mail system. A relatively large number of individual user terminals 301 are connected to an e-mail server 302. Only five representative terminals designated 301a to 301x are shown for convenience of illustration. The terminals 301 are connected to server 302 by conventional connections such as by an Ethernet LAN or by dial up modems. The e-mail server 302 has a conventional interface 303 to the Internet and it receives and sends messages from the individual users to the Internet. The e-mail server 302 is conventional and the details of the e-mail server 302 form no part of the present invention. However, with the present invention, before the e-mail server 302 transmits a message from one of the individual user terminals 301a to 301x to the Internet, the e-mail server passes the message through a watermark detection and reading program 305. Both the e-mail message itself and any attached documents are passed through the watermark reading program. The watermark detection and reading program 305 determines if a message contains a watermark. If a watermark is detected, the confidentiality flag bit is interrogated. If the watermark reading program 305 determines that the flag bit is set to “confidential”, the first embodiment of the invention merely informs the e-mail server 302 to return the message to the sender. Thus, the first embodiment of the invention prohibits any confidential information from being transmitted as part of an e-mail message.

A second embodiment of the invention provides for a wider array of alternatives. As shown in FIG. 4, the second embodiment of the invention includes a database 401. The database 401 contains a list of different potential message senders, a list showing different groups of potential message recipients, and a set of possible categories indicated by the setting of the various flags in a message. For example, the senders may fall into three groups designated sender groups S1, S2 and S3. The potential recipients can fall into three groups designated R1, R2, and R3. The database 401 and the associated logic 402 can implement logic rules such as indicated by the following table:

Sender Group   Recipient Group   Flag Conditions   Action
S1             R1                011               Send message
S1             R2                110               Do not send message; notify the administrator
S1             R2                001               Send message, and log fact that S1 sent a message to R2
S1             R2                101               Return message to sender
S2             R1                011               Send message
S2             R3                110               Do not send message and notify the system administrator

It should be clearly noted that the above is merely a simplified example of the rules and combinations that could be in database 401. The database could include hundreds or thousands of users and it could include dozens of rules. The system can be complex or simple as desired for a particular application. A system can include many alternatives in addition to those shown above or a system might include only a very few alternatives. For example, the system could include only a list of addresses which are authorized to receive messages which have a confidentiality flag set to “confidential”. Such a system would allow confidential documents to be only sent to selected addresses. Alternatively or in addition the system could include a list of individuals authorized to send confidential documents. The system could merely check the sender against this list or alternatively, the system could require that a password be entered when such messages are encountered. The table above shows only three flag bits. A system could have more or fewer flag bits as the needs of the particular system require.

The important point is that the system considers the message sender, the message recipient and the condition of the flags in the data carried by a digital watermark to determine what action should be taken. The digital watermark can be carried by the message using any of the known ways of watermarking a document. For example, it can be carried by modulating the width of lines or by modulating the luminosity of pixels in an image or by a watermark in audio data.
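
The rule lookup described above, as an added example in Python (not code from the patent): it takes the sender, each recipient and the already-decoded flag bits, and returns a per-recipient action using the rows of the table. The e-mail addresses, the action names and the hold-and-notify default for a watermarked message that matches no rule are assumptions of this example; watermark decoding itself is out of scope here.

```python
# Added illustration. Group names and rule rows come from the table above;
# addresses, action names and the no-match default are assumptions.
from collections import defaultdict

SENDER_GROUPS = {"alice@corp.example": "S1", "bob@corp.example": "S2"}
RECIPIENT_GROUPS = {
    "legal@corp.example": "R1",
    "partner@vendor.example": "R2",
    "list@public.example": "R3",
}

# (sender group, recipient group, flag bits) -> action, one entry per table row.
RULES = {
    ("S1", "R1", "011"): "send",
    ("S1", "R2", "110"): "block_notify_admin",
    ("S1", "R2", "001"): "send_and_log",
    ("S1", "R2", "101"): "return_to_sender",
    ("S2", "R1", "011"): "send",
    ("S2", "R3", "110"): "block_notify_admin",
}

# Assumption: a watermarked message that matches no rule is held, not sent.
NO_MATCH = "block_notify_admin"
DELIVERING = {"send", "send_and_log"}


def decide(sender, recipient, flags):
    """Return the action for one sender/recipient pair.

    flags is the decoded flag field as a bit string, or None when the
    watermark reader found no watermark in the body or any attachment.
    """
    if flags is None:
        return "send"  # no watermark: conventional delivery
    key = (SENDER_GROUPS.get(sender), RECIPIENT_GROUPS.get(recipient), flags)
    return RULES.get(key, NO_MATCH)


def route(sender, recipients, flags):
    """Split a multi-recipient message into per-action recipient lists."""
    plan = defaultdict(list)
    for rcpt in recipients:
        plan[decide(sender, rcpt, flags)].append(rcpt)
    return dict(plan)


def delivered(plan):
    """Recipients that actually receive the message under a plan."""
    return sorted(r for act, rs in plan.items() if act in DELIVERING for r in rs)


if __name__ == "__main__":
    rcpts = ["legal@corp.example", "partner@vendor.example"]
    print(route("alice@corp.example", rcpts, "011"))
```

Evaluating each recipient separately is what lets one message reach the authorized addressee while being withheld from the unauthorized one, as in the alternate embodiment.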

In alternate embodiments of the invention, the confidentiality stamp could include a watermark in an image by means other than using line width modulation as described with respect to the first embodiment of the invention. The background of the stamp could include a conventional image carrying a conventional watermark.

In an alternative embodiment of the invention, rather than checking for a digital watermark, the system could check for a text string such as “confidential” and take action in response to locating such a text string.

The above described embodiments relate to controlling the dissemination of information; however, it should be understood that the invention could be applied in similar manner to control the receipt of confidential information or to control the action taken when messages containing watermarks are received.

While the previously described embodiments apply to e-mail systems, similar precautions could be taken with FTP servers or with Web servers.

While the invention has been shown and described with respect to various preferred embodiments, it should be understood that various changes in form and detail could be made without departing from the scope and spirit of the invention.

1. An electronic messaging system including a mail server which sends and receives messages, said mail server including a watermark reading program that reads watermarks in said messages, the program operable to read watermarks in documents that form at least part of the messages and operable to read watermarks in documents attached to the messages, and the program operable to control distribution of said messages in response to data in said watermarks.
2. A system that includes an e-mail server connected to the Internet, the system comprising: means for transmitting messages from an individual user to said e-mail server, watermark detecting means for detecting and reading watermarks in e-mail messages at the server after the messages are sent from the user but before such messages are transmitted from said e-mail server to the Internet, means for preventing the transmission of messages from said e-mail server to the Internet if said watermark detecting means detects a watermark which has an indication that the message including said watermark is confidential.
3. A system for controlling the distribution of electronic messages that include confidential information, each electronic message having confidential information including a digital watermark carrying data that indicates that the message is confidential, a server which transmits and receives messages, said server including a watermark reading program that reads watermarks in messages and controls the distribution of such messages in accordance with the data carried by watermarks in the messages, the program operable to read watermarks in documents that form at least part of the messages and operable to read watermarks in documents attached to the messages.
4. The system recited in claim 3 where the messages are transmitted over the Internet.
5. A method of controlling the distribution of electronic messages that include confidential information, said messages carrying digital watermarks that carry data indicating that the message includes confidential information, passing messages to a watermark detecting process prior to transmission of said messages including passing documents in and attached to the messages to the watermark detecting process for detecting watermarks in the documents, and controlling the distribution of an electronic message which includes a watermark in response to the data carried by the watermark in the message.
6. The method recited in claim 5 wherein said messages are transmitted over the Internet.
7. The method recited in claim 5 wherein a database is interrogated to determine an action to take with a particular message based at least in part on the data carried by the watermark.
8. The method recited in claim 5 wherein the action taken with respect to a particular message is dependent on the identity of the sender, the identity of the receiver and information carried by the watermark.
9. The method recited in claim 5 wherein an action taken with respect to a particular message is dependent on the identity of the sender, the identity of the receiver, information carried by the watermark, and information stored in a database.
10. A method of transmitting electronic messages from a sender to a receiver which comprises, detecting and reading digital watermarks carried in such messages to determine how flags in such watermarks are set, interrogating a database to determine what action should be taken with a message based upon the identity of the sender, the identity of the receiver and the flag settings in the watermark in the message.
11. The method recited in claim 10 wherein said messages are transmitted over the Internet.
12. The method recited in claim 10 where the data carried by said watermark indicates if the message includes confidential information.